Microsoft, not third parties, should be the one jailbreaking Windows RT

The perverse incentives created by locked-down platforms promote insecurity.

Windows RT hasn't been jailbroken yet, but the first steps towards opening the platform to enable it to run any program, and not merely the ones that Microsoft authorizes, have been taken. Microsoft's reaction so far has been quietly congratulatory, praising developer clrokr's ingenuity, but suggesting that the operating system flaw he took advantage of may not be a permanent feature.

Updating the operating system to be more rigorous in the way the kernel validates data passed into it is no bad thing, but Microsoft should not simply patch up the problem and then wait for the next jailbreak attack. The company should be proactive, and offer an official jailbreak solution of its own.

Although Microsoft is no doubt encouraged that developers are taking the time and interest to try to crack Windows RT, the company should also be concerned. Jailbreaking is a natural reaction to a locked-down, restricted platform, as there will always be some minority of users who don't like the restrictions being imposed—but it's not healthy.

The fundamental problem that these locked-down platforms create is that incentives become misaligned. Normally, it's in the interest of users to install security fixes as and when they become available, to make their systems more secure. It's in hackers' interests for users to not install security fixes, to make their systems easier to attack. But that changes when jailbreaking is brought into consideration. Because jailbreaking depends on exploiting security flaws, the users cease to regard security updates as desirable; they remove wanted functionality (namely, the jailbreak), making them something to be avoided. This is good for hackers, not so much for anyone else.

The misalignment also applies somewhat to the developers creating the jailbreaks. The desire to jailbreak gives those developers an incentive to publish and exploit security flaws so that users can liberate their systems, rather than report those flaws to Microsoft so that they can be fixed.

One thing that the company could do to discourage jailbreakers from avoiding security patches is to bundle security fixes with feature updates. There are rumors that Windows 8 will receive more regular feature improvements than has been typical in the past; if these feature updates also incorporate security fixes then would-be jailbreakers would have a significant incentive to update their systems, even if that meant losing access to the jailbreak.

However, if the upside of jailbreaking is big enough—and the Windows RT crack is significant in this regard, as it enables a substantial increase in functionality—even this won't work. I know a number of people who are clinging to iOS 5 on their iPhones due to the unavailability of an iOS 6 jailbreak, and it seems inevitable that Windows RT users would respond similarly. No feature that Microsoft could add to Windows RT is going to be as transformational as a crack allowing desktop apps.

I've argued on these pages that Microsoft should provide an official mechanism to opt out of the signature restrictions imposed on Metro apps. By all means, keep the restriction on by default to protect users against malware, but provide a toggle somewhere to disable them for those whose needs go beyond the limitations of the platform. Similarly, I believe Microsoft should provide an official way to opt out of the Windows RT desktop's constraints. Provide a Control Panel setting or similar to allow any desktop application to run.

Offering an official jailbreaking solution, something that wouldn't be jeopardized by security updates, would realign incentives appropriately. Users would no longer have anything to fear from security updates, and well-intentioned developers would no longer have the same motivation to publish exploits. This would make the platform more useful to more people. It would mean that developers could spend their time making useful apps rather than figuring out new ways of subverting the operating system. And it would also make the platform more secure for everyone.

93 Reader Comments

I'd get a Surface RT (lighter, more battery life, no fans) in lieu of Surface Pro if I could run GIMP compiled for ARM on it, and a web design app, perhaps MS's own Expression Web and/or VS Express for Web.

I just need that stuff, along with RDP client and MS Office. RT is within a stone's throw of working just fine for me. Alas it is not to be.

A "jailbroken" Windows RT...isn't that just Windows 8? I thought the whole point of Windows RT is to offer a locked-down, idiot-proof OS kind of like what iOS is. For those who want the unlimited customizability of a jailbroken OS, Windows 8 just seems like a better fit than Windows RT.

I honestly don't see what the big deal is about. Well, I can see why it's a "deal", but not a *big* deal. If Microsoft went from what they've been doing for decades and then did a 180 and *only* provided a Windows RT-like experience throughout Windows 8, then I could understand. Currently, users are *opting in* to purchase Windows RT devices, and do have several other avenues to take to avoid it.

I can understand some of the confusion that may occur to basic users that don't understand the differences between the two environments, but to me that doesn't really excuse the types of users that are willing to go through whatever is necessary to jailbreak because those types are even more inclined to understand the limitations already set in place.

From there, it's just the hardware that people want or like without having to get a (most likely) heavier and bulkier full Windows 8 tablet, but then you run into an entirely new set of problems with the majority of users (the majority of users not being Ars/tech-savvy users; such as your parents/grandparents): when they think they *can* do something then they think that something should work well. So you have people who have their favorite program finding out they can officially jailbreak their Surface in order to use it, and start running into a plethora of potential issues that then crop up.

Then you inevitably get thousands of users complaining to the developer or to Microsoft about how their Surface is too slow or crashes when running x application. Enough people start complaining and then you have to spend even more time and potential resources to either simply address or fix the issue.

In my personal opinion, I think it's great that Microsoft has the best of both worlds (it's one thing if you don't like a locked down system and it's completely understanding, but it's another if you refuse to see the benefits that are provided by it).

With that being said, I do hope and fully expect that users will eventually jailbreak the system. Thus leaving it up only to those willing to put in the time and effort to do so. I also don't want nor expect Microsoft to put in effort to do such a thing, but at the same time hope they don't do too much to prevent it at the same time.

This is also ignoring that the most common result of jailbreaking ends up with pirating (not trying to my my case based on this alone, just mentioning). Not that homebrew and customization and control aren't also valid excuses, but when it becomes easy enough to do then the lazy/cheap/devious (I'll admit I've been all three, and am now mainly lazy and cheap) start swarming en masse to take advantage. It doesn't make much business sense for Microsoft to potentially open up that can of worms which could stop the official application store dead in its tracks (while not wholly familiar with Windows RT jailbreaking, once you jailbreak an iDevice, it's a hop-skip-and-a-jump to downloading nearly every App Store app for free. And it didn't take too long to get to that point).

Speaking of "incentives becoming misaligned", it begins favoring the intrepid user and could, in some extreme version, stop incentivizing the intrepid developer to make use of the device. Especially when users are reliant upon their work (for better or wrose).

I apologize for ranting, but I hope anyone who stayed this long realizes that I don't think a locked or an open system are either in any way "wrong" or "bad". Only that they both have their pros as well as their cons, and in this case of Windows, RT isn't the end-all or be-all of the OS and is so far only on a few select devices (that I'm currently aware of). At this point in time, I can understand why Microsoft wouldn't want to promote jailbreaking in any way, and am merely trying to give another point of view to what is most likely an unpopular opinion.

I'd get a Surface RT (lighter, more battery life, no fans) in lieu of Surface Pro if I could run GIMP compiled for ARM on it, and a web design app, perhaps MS's own Expression Web and/or VS Express for Web.

I'd get a Surface RT (lighter, more battery life, no fans) in lieu of Surface Pro if I could run GIMP compiled for ARM on it, and a web design app, perhaps MS's own Expression Web and/or VS Express for Web.

A "jailbroken" Windows RT...isn't that just Windows 8? I thought the whole point of Windows RT is to offer a locked-down, idiot-proof OS kind of like what iOS is. For those who want the unlimited customizability of a jailbroken OS, Windows 8 just seems like a better fit than Windows RT.

Windows 8 requires x86 or x64. Windows RT requires ARM. ARM has significantly lighter power requirements which makes Windows RT machines quite a bit better on the battery performance front. What you just proposed doesn't exist in any shipping product: Windows 8 for ARM. MS may as well go the other way and ship Windows RT for x86/x64 as well.

I know people where "a small monetary outlay of money" is a contradictory phrase, a practical impossibility. They don't have "justifications" for pirating, they have ZERO money for apps, let alone working plastic to transact it.

So they jailbreak, and can haz all the apps; they spend a bunch of extra clicks (which they can afford) and sidestep the issue.

It is only a matter of time until Win8 RT falls, and if it does not, then a large number of real life human beings will consider the devices to be useless junk, not worth buying used, or even receiving as a gift, "because Grandma, that windows one sucks, the apple/android one is better".

I wonder if a lot of the features of the PS3 were set up so there would be less reasons to jailbreak/hack it? Although Linux went away (sadly), there's no region-locking for retail games (with at least one exception I can think of), you can switch out the harddrive without any hacking, and its got media software, a browser, etc.

Granted, I think some of the lack of interest in Windows RT devices is because its so locked down. To enthusiasts, that is. I don't think there's enough reason for a normal person to choose an RT tablet over a Windows 8 tablet.

I honestly don't see what the big deal is about. If Microsoft went from what they've been doing for decades and then did a 180 and *only* provided a Windows RT-like experience throughout Windows 8, then I could understand. Currently, users are *opting in* to purchase Windows RT devices, and do have several other avenues to take to avoid it.

I can understand some of the confusion that may occur to basic users that don't understand the differences between the two environments, but to me that doesn't really excuse the types of users that are willing to go through whatever is necessary to jailbreak because those types are even more inclined to understand the limitations already set in place.

Sometimes, we just want the hardware and care little for what OS is loaded on, and will make due as we see fit... by jailbreaking/hacking it.

There are rumors that Windows 8 will receive more regular feature improvements than has been typical in the past; if these feature updates also incorporate security fixes then would-be jailbreakers would have a significant incentive to update their systems, even if that meant losing access to the jailbreak.

That's not a real solution. Patches and security fixes need to be rolled out fast. Feature updates need more lead time. Unless you propose that Microsoft should hold new, completed features hostage until the next security flaw is discovered, there will not be new features available quickly enough to link to security fixes.

RT needs to be a platform where anyone can run and compile code for it. They're trying to leverage themselves into the mobile and tablet space by emulating what Apple has - a locked down iOS where all software flows through their market place, ensuring Apple a cut.

Apple has critical mass to support this model - the user base, the software, and 3rd party developer support.

What does RT have? Incompatibility with x86 Windows applications.

Users aren't adopting it because there is no software.

Developers aren't developing for it because there are no users.

Jailbreaking RT is a great first step to correcting what Microsoft pigeonholed themselves into,but I agree that Microsoft should be the ones leading the charge if they ever want the platform to be adopted.

I had imagined the lock-out as being intended to keep the RT platform at the low end, and drive higher-end users to higher priced, x86-based Windows 8 devices. A jailbreak for RT, then, represents a loss of revenue, if people can make the lower priced devices work for them. (Highly questionable.) And that's probably part of the formula as to why Microsoft will not do it themselves, or at least not this early in the RT and 8 product cycles.

I think that RT is for the low end, non-techie mass market consumer, and that's about it. In that market, a jailbreak means very little. Indeed, such users tend to avoid the black arts for fear of losing provider/seller support.

There are rumors that Windows 8 will receive more regular feature improvements than has been typical in the past; if these feature updates also incorporate security fixes then would-be jailbreakers would have a significant incentive to update their systems, even if that meant losing access to the jailbreak.

That's not a real solution. Patches and security fixes need to be rolled out fast. Feature updates need more lead time. Unless you propose that Microsoft should hold new, completed features hostage until the next security flaw is discovered, there will not be new features available quickly enough to link to security fixes.

Of course you roll out the patches as fast as possible, but that doesn't stop you from also including them with any feature upgrades you offer. Think of it as two patch cycles; the fast one for most users, and a slow one to tempt in as many jailbreakers as you can.

A "jailbroken" Windows RT...isn't that just Windows 8? I thought the whole point of Windows RT is to offer a locked-down, idiot-proof OS kind of like what iOS is. For those who want the unlimited customizability of a jailbroken OS, Windows 8 just seems like a better fit than Windows RT.

Windows 8 requires x86 or x64. Windows RT requires ARM. ARM has significantly lighter power requirements which makes Windows RT machines quite a bit better on the battery performance front. What you just proposed doesn't exist in any shipping product: Windows 8 for ARM. MS may as well go the other way and ship Windows RT for x86/x64 as well.

But with Clover Trail products claiming similar battery life to ARM devices, offering superior processor performance, and being priced similarly as well, I'm not sure what the advantage of a jailbroken Windows RT device is over a Clover Trail x86 device.

I wonder if a lot of the features of the PS3 were set up so there would be less reasons to jailbreak/hack it?

Given that it was relatively unharmed until they removed the Other OS feature, then had everything broken in short order once they did, I would argue that by playing along (even as weakly as Sony did) they redirected the attention of those most capable of cracking it.

Quote:

Although Linux went away (sadly), there's no region-locking for retail games (with at least one exception I can think of), you can switch out the harddrive without any hacking, and its got media software, a browser, etc.

There is some region locking, but it's up to the software vendor. The rest is Sony taking a shockingly customer friendly stance, but as we've seen their left hand often doesn't know what the right is doing and someone ends up stabbing the customer.

There are rumors that Windows 8 will receive more regular feature improvements than has been typical in the past; if these feature updates also incorporate security fixes then would-be jailbreakers would have a significant incentive to update their systems, even if that meant losing access to the jailbreak.

That's not a real solution. Patches and security fixes need to be rolled out fast. Feature updates need more lead time. Unless you propose that Microsoft should hold new, completed features hostage until the next security flaw is discovered, there will not be new features available quickly enough to link to security fixes.

This. In no way should these be combined. Security patches are necessary in nature and need rollout more frequently. Features are optional and can be months between. Holding one or the other hostage by linking them is hazardous to the platform at best and disingenuous at worst.

The original premise, Microsoft allowing an opt-in for sideloading, is a much better course to follow.

To those saying to just by a Windows 8 device, please remember there is a world of difference still in the x86 and ARM hardware that is out there. Like it or hate it, ARM is still a better fit for compact, low-power devices; x86 isn't quite there yet. Additionally, there are those that don't want the desktop experience and just want to sideload Metro apps. The RT devices remain a better choice for the "average" user that wants an iPad-like experience (well, as close as it gets while still using Windows).

I suppose it's Microsoft's fault more than anyone for making the differences between 8 and RT so blurry to the average consumer. I've been told I'm very good at explaining complex technology to lay people, and yet I had a heck of a time explaining the differences between 8 and RT to my customers =/

In many ways, I wish Microsoft made RT a more Windows Phone experience, dumping the desktop entirely for that product line. I don't enjoy explaining to people why there x86 software has no hope in hell working on RT even though the desktop "looks the same".

Locking down iOS has worked pretty well for Apple AND for users of iOS devices (those of us who want to run them inside the ecosystem as it was designed). I don't see any reason that it can't work well for Microsoft and whatever small number of RT users there are. Yes, I understand that most people here are temperamentally in favor of having devices be capable of doing anything you want to throw at it, but real, everyday users are served very nicely by the other way. You can build your own systems and ecosystem (Linux, for instance) all you want, but it's silly to pretend that most users are better served by doing things your way.

I'd get a Surface RT (lighter, more battery life, no fans) in lieu of Surface Pro if I could run GIMP compiled for ARM on it,

Which is exactly why Microsoft won't do it. Surface Pro devices are hundreds of dollars more expensive than Surface RT ones. RT's lockdown is an important part of Pro's value proposition.

Well, partly that, but I'd also argue its to encourage development of WinRT applications as opposed to everyone keeping with Win32. I sort of expect that Microsoft is looking forward to 10, 20 years from now when they can finally retire Win32.

There are rumors that Windows 8 will receive more regular feature improvements than has been typical in the past; if these feature updates also incorporate security fixes then would-be jailbreakers would have a significant incentive to update their systems, even if that meant losing access to the jailbreak.

That's not a real solution. Patches and security fixes need to be rolled out fast. Feature updates need more lead time. Unless you propose that Microsoft should hold new, completed features hostage until the next security flaw is discovered, there will not be new features available quickly enough to link to security fixes.

Making security updates mandatory parts of feature updates doesn't mean that you can't roll out the security updates quickly. It just means that the periodic feature updates also incorporate all available security updates.

Why, in any real life situation, would MS want to support a device that is no longer being operated as intended? Once a device is jailbroken then it suddenly becomes possible to pirate software, which (Peter actually mentioned in an article in the past) would shake developers' faith in the marketplace and probably spell its doom.

This reminds me of the call for Microsoft to not restrict certain updates to pirated keys because it would make computing generally safer. Once again, why would Microsoft want to support this?

Sometimes, we just want the hardware and care little for what OS is loaded on, and will make due as we see fit... by jailbreaking/hacking it.

Wouldn't it make more sense to just buy different hardware with the OS you want? Or is the ARM so Godtastically superior to every other platform that you can't live with anything else?Or is it just a perverse obsession to hack into RT simply because MS told you that you can't?

In my opinion, all three major mobile OSes (Android, iOS, WindowsRT) should split "app store" from "jailed".

The store should be heavily policed, a la iOS. You know what you're getting (into) with it.

The jail should as easy to break out of as Android, however.

This is fine for consumers; most will never need or want to wander out of the jailed app store. Of those who do, most will be capable of weighing the probability that a particular app is laden with malware.

It's also fine for businesses because it both lets them load software as needed, and they can remove access to the jailbreak button. Ideally, let it be "jailbroken" from remote, so IT can install apps outside of the store easily; e.g. if a recruiter needs Facebook messenger, or something else normally forbidden but situationally acceptable.

I'd get a Surface RT (lighter, more battery life, no fans) in lieu of Surface Pro if I could run GIMP compiled for ARM on it,

Which is exactly why Microsoft won't do it. Surface Pro devices are hundreds of dollars more expensive than Surface RT ones. RT's lockdown is an important part of Pro's value proposition.

Well, partly that, but I'd also argue its to encourage development of WinRT applications as opposed to everyone keeping with Win32. I sort of expect that Microsoft is looking forward to 10, 20 years from now when they can finally retire Win32.

I don't think so. Intel is going to make CPUs with power requirements on par with ARM. And they'll do it soon. If upcoming Clover Trail CPUs are rated at 10W, imagine what they'll have a couple of years down the road?

I think Win RT is a stopgap measure so MS has something to compete against iPads and Android tablets. The RT, not Win32, will be retired.

I'd get a Surface RT (lighter, more battery life, no fans) in lieu of Surface Pro if I could run GIMP compiled for ARM on it,

Which is exactly why Microsoft won't do it. Surface Pro devices are hundreds of dollars more expensive than Surface RT ones. RT's lockdown is an important part of Pro's value proposition.

Well, partly that, but I'd also argue its to encourage development of WinRT applications as opposed to everyone keeping with Win32. I sort of expect that Microsoft is looking forward to 10, 20 years from now when they can finally retire Win32.

I don't think so. Intel is going to make CPUs with power requirements on par with ARM. And they'll do it soon. If upcoming Clover Trail CPUs are rated at 10W, imagine what they'll have a couple of years down the road?

I think Win RT is a stopgap measure so MS has something to compete against iPads and Android tablets. The RT, not Win32, will be retired.

I wouldn't be so sure on that. Intel got the power consumption down by using process technology (3d gates, smaller process node) that isn't available to anyone else, yet. Once it does, I expect ARM chips to drop in power as well. this creates a moving target for Intel, one that I expect will be difficult for them to catch. If they do or not is anyone's guess, but I suspect the ARM companies already regard Intel as a threat and are taking measures to ensure Intel will be the loser in the "arms race"

There are rumors that Windows 8 will receive more regular feature improvements than has been typical in the past; if these feature updates also incorporate security fixes then would-be jailbreakers would have a significant incentive to update their systems, even if that meant losing access to the jailbreak.

That's not a real solution. Patches and security fixes need to be rolled out fast. Feature updates need more lead time. Unless you propose that Microsoft should hold new, completed features hostage until the next security flaw is discovered, there will not be new features available quickly enough to link to security fixes.

Making security updates mandatory parts of feature updates doesn't mean that you can't roll out the security updates quickly. It just means that the periodic feature updates also incorporate all available security updates.

Isn't it still a security fail if people wait 6 months before installing a bundled security patch, instead of installing it as soon as the patch is available? You still have opposing incentives.

I wonder if a lot of the features of the PS3 were set up so there would be less reasons to jailbreak/hack it?

Given that it was relatively unharmed until they removed the Other OS feature, then had everything broken in short order once they did, I would argue that by playing along (even as weakly as Sony did) they redirected the attention of those most capable of cracking it.

Quote:

Although Linux went away (sadly), there's no region-locking for retail games (with at least one exception I can think of), you can switch out the harddrive without any hacking, and its got media software, a browser, etc.

There is some region locking, but it's up to the software vendor. The rest is Sony taking a shockingly customer friendly stance, but as we've seen their left hand often doesn't know what the right is doing and someone ends up stabbing the customer.

Sony is actually an incredibly customer-friendly company these days. I always find it strange that people are still rolling with some Sony hate from decades ago. Let me guess: you're still pissed off about the rootkit stuff? Also they disabled OtherOS AFTER that little dude's hack was posted online.

There are rumors that Windows 8 will receive more regular feature improvements than has been typical in the past; if these feature updates also incorporate security fixes then would-be jailbreakers would have a significant incentive to update their systems, even if that meant losing access to the jailbreak.

That's not a real solution. Patches and security fixes need to be rolled out fast. Feature updates need more lead time. Unless you propose that Microsoft should hold new, completed features hostage until the next security flaw is discovered, there will not be new features available quickly enough to link to security fixes.

Making security updates mandatory parts of feature updates doesn't mean that you can't roll out the security updates quickly. It just means that the periodic feature updates also incorporate all available security updates.

Isn't it still a security fail if people wait 6 months before installing a bundled security patch, instead of installing it as soon as the patch is available? You still have opposing incentives.

Microsoft's target market, i.e. the target for all of their long term walled garden goals, is all consumer level hardware. Currently, this includes every last PC component and system that will be produced.

I don't know why we have people arguing that corporations should be able to dictate what we do with our property after it is sold, or why they should be allowed to retain such control after the sale. Let alone allow companies like Microsoft, who can steer an entire industry (see the shift to UEFI,) to engage in walled garden like activities on any platform.

I may not be their target market, but I'll be damned if I can avoid Microsoft's influence.

IvorB wrote:

I always find it strange that people are still rolling with some Sony hate from decades ago. Let me guess: you're still pissed off about the rootkit stuff?

Well, the rootkit stuff was done by Sony Music, not the same as SCEI. But that was not decades ago and no one was punished for it (which goes to show the power of being a corporation. Federal laws don't really apply to you.)

Quote:

Also they disabled OtherOS AFTER that little dude's hack was posted online.

And his hack did little more than allow access to the GPU, which would not have been necessary if their Other OS feature had been a touch more than a tax end-run.

As a person who is very interested in Surface and Windows 8/RT devices, I will be avoiding RT until MS allows the option of running unsigned code. SO -- fix that and then shut up and take my money.

Maybe, just maybe, you aren't actually part of their target market.

And that's fine. I'm free to go get a comparable device that isn't locked down for a similar price and throw my money at that company. The confounding part is: why would Microsoft want me to? It's a software switch we're talking about here.

The only reason for maintain the lock to me are: battery requirements for win32 apps and the temporary state of the desktop on Windows RT. To me they had to rush it and they released a port of windows 8 on ARM but with more time they will be able to remove the desktop completely so they don't want people to use desktop apps. The problem of touch on win32 isn't a real problem, you can always get a mouse or make bigger buttons, it doesn't look nice but it works. But people won't use Win RT until the API will be powerful enough to do almost everything you do now on the desktop.

It's wrong to characterize the people wanting a jailbreak as "users" because it implies plurality. The percentage of users who would actually care about jailbreaking as a feature is likely minuscule.

But nonetheless it is greater than one user, and those who jailbreak do in fact use the platform. Therefore "users" is appropriate. I'm confused as to why you'd deliberately play down the fact that jailbreaking is a not insignificant reality?